Security

Security bulletins

Security bulletins - archive

Articles and IBM Redbooks

	2010
	2009
	2008
	2007
	Archive

Security bulletins provide important information about Lotus software products, including known security issues, troubleshooting tips, and more. Security bulletins come from the Lotus Support site.

January 2010

• Potential cross-site scripting vulnerabilities in Lotus iNotes ultra-light mode

Back to top

September 2009

• Response to 'IBM Lotus Notes 8.5 RSS Widget Privilege Escalation'

August 2009

• Potential security issue with Lotus Notes file viewer for Microsoft Excel

March 2009

• Potential security issue with Lotus Notes file viewer for WordPerfect

Back to top

May 2008

• Lotus Domino Web server 'Accept-Language' stack overflow
• Potential vulnerability in servlet engine/Web container in Lotus Domino Web servers
• Potential stack overflow vulnerability with IBM Lotus Sametime Community Services multiplexer (MUX)

April 2008

• URL handler vulnerability affects Lotus Symphony and Lotus Expeditor
• Potential security vulnerabilities in Lotus Notes file viewers for Applix Presents, Folio Flat File, HTML speed reader, KeyView and MIME

February 2008

• Possible Java plug-in vulnerability in Lotus Notes
• Java applet signatures and the Execution Control List

January 2008

• Potential Cross-Site Scripting (XSS) vulnerability in IBM Lotus Sametime client
• CERT VU#963889 - ActiveX Control Buffer Overflow in Lotus Domino Web Access (iNotes)

Back to top

November 2007

• Buffer overflow vulnerability in Lotus Notes file viewer for Lotus 1-2-3
• Cross Site Scripting (XSS) vulnerability in IBM Lotus Domino Web Server

October 2007

• Lotus Domino IMAP Buffer Overflow Vulnerability
• Potential Security Issue with CA Process Command in Lotus Domino Console
• IBM Lotus Notes Memory Mapped Files
• Lotus Notes Buffer Overflow Vulnerability with HTML message
• Potential Notes Workstation Execution Control List (ECL) Security Vulnerability
• Evaluate LotusScript Method Returning Unexpected Results
• Buffer Overflow Vulnerability in Lotus Notes File Viewers (multiple file formats)
• Buffer Overflow Vulnerability in Lotus Notes File Viewers (.wpd, .sam, .doc, and .mif )
• Lotus Notes Denial of Service due to malformed SMTP message

July 2007

• Potential Cross Site Scripting (XSS) vulnerability in IBM Lotus Sametime Server
• Response to 'Password exposure in Lotus Notes'

June 2007

• Accessing certain URLs can cause the IBM Lotus Domino Web Server to crash
• Vulnerability in agent signature verification which may result in elevation of user's rights to Full Access Administrator

March 2007

• Potential Cross Site Scripting (XSS) Vulnerability in Domino Web Access
• IBM Lotus Sametime JNILoader Vulnerability
• IBM Lotus Domino IMAP Server Buffer Overflow Vulnerability
• IBM Lotus Domino Buffer Overflow Vulnerability in LDAP Server Task
• Lotus Domino Web Access Cross-Site Scripting Vulnerability

February 2007

• Response to 'Lotus Domino R5/R6 HTTPPassword dump'

Back to top

For prior bulletins, see the Security bulletins - archive tab.

Back to top